• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Input Enhancement suggestions for Plesk's fail2ban filters

PeterKi

Regular Pleskian
When I look into the log files of my linux server, I can see some frequent vulnerability access attempts which are not addressed by Plesk's preconfigured fail2ban filters.
I suggest adding filters for postfix-sasl and postfix-ssl as well as for apache-404 scans into plesk to more harden a server.

My experience shows good results with the filters given below.

filter.d/apache404.local
[Definition]
failregex = <HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)

[INCLUDES]
before = common.conf

filter.d/postfix-sasl.local
[Definition]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$

[INCLUDES]
before = common.conf

filter.d/postfix-ssl.local
[Definition]
failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]
ignoreregex =

[INCLUDES]
before = common.conf

And these are the correseponding jail configs:
 
Hi,

Could you please create a report for these enhancements?

 
Back
Top